It’s a way for auditors and customers to verify as well. And the general public, if you consider them to be auditors.
-
-
Replying to @matthew_d_green @halvarflake and
Right, so let's say I trust the vendor, but I think their build might be compromised. You're saying "now you can verify their build isn't compromised, but you still have to trust there are no bugdoors", so why wouldn't you trust them not to promise they checked the build repro'd?
3 replies 0 retweets 0 likes -
Replying to @taviso @halvarflake and
In order for them to check the build, they’d have to engineer reproducible builds anyway. So the costs have already been incurred. Might as well make them available to your auditors at no additional cost, so they can eliminate another trust point.
2 replies 0 retweets 3 likes -
Replying to @matthew_d_green @taviso and
I also think you’re considering a model where there’s a binary choice between absolute trust and no consequences for serious bugs, and zero trust. There’s a spectrum.
1 reply 0 retweets 3 likes -
Replying to @matthew_d_green @halvarflake and
It would be nice if that was true, but every month the major vendors publish dozens of backdoor-equivalent vulns. Doesn't that prove there are no penalties for bugdoors? Worse, there might be social penalties or threats to you for discussing a bugdoor you discovered
1 reply 0 retweets 4 likes -
Replying to @taviso @halvarflake and
If you imagine deliberate bugdoors created by nation states, you also have to consider that good bugs can be discovered and exploited in both directions.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @halvarflake and
Not really, you already mentioned Dual-EC. As I understand it, they argue they generated them randomly and it was a genuine spec-bug. You argue is was a bugdoor, but it can only be exploited in one direction, right? The same is true for other bug classes.
1 reply 0 retweets 0 likes -
Replying to @taviso @halvarflake and
Like what? I’m curious what kinds of non-cryptographic bugs are NOBUS like Dual EC.
1 reply 0 retweets 2 likes -
Replying to @matthew_d_green @halvarflake and
Umm, stack buffer overflow parsing https://vendor/latestversion.txt? Nobody else can exploit that, right?
2 replies 0 retweets 2 likes -
Replying to @taviso @matthew_d_green and
The enterprise or edtech middlebox vendor can exploit it.
Along with everyone their static keys leaked to.
1 reply 0 retweets 0 likes
Rich, come on, are you seriously arguing I can't design a bug only I can exploit? Fine, the strcpy() only happens after the embedded PGP clearsign signature is verified. 
-
-
Replying to @taviso @matthew_d_green and
No, just that most cases of "backdoor doesn't matter because only the vendor could use it" are bullshit. I know that's not what you were saying but it's conceptually very close.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @matthew_d_green and
Right, obviously I wouldn't say that. Vendors should not be shipping backdoors, whether they think only they can use them or not.
0 replies 0 retweets 1 like
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.